What's the best way to replace value of attribute which can handle multiple values?

Michael Ströder michael at stroeder.com
Wed Sep 9 10:54:43 CEST 2009


Zhang Huangbin wrote:
> What's the best way to 'replace' value of attribute which can handle  
> multiple values?
> 
> Such as:
> 
> dn: uid=myuid,dc=example,dc=com
> cn: cn1
> cn: cn2
> cn: cn3
> 
> My purpose is to get ldif like this (no cn=cn2 any more):
> 
> dn: uid=myuid,dc=example,dc=com
> cn: cn1
> cn: cn3
> cn: cn4
> 
> I want to replace cn=cn2 by cn=cn4 if it exist, or add cn=cn4 directly  
> if 'cn=cn2' donesn't exist.
> 
> If cn=cn2 is not exist, [(ldap.MOD_DELETE, 'cn', 'cn2')] will raise an  
> error.

Could you please post the error raised and mention with which server you're
testing?

I'd try [(ldap.MOD_DELETE, 'cn',['cn2'])]

> If cn=cn2 is not exist, [(ldap.MOD_ADD, 'cn', 'cn4')] will add cn=cn4,  
> but can't delete 'cn=cn2'.

Try this: [(ldap.MOD_ADD, 'cn',['cn4'])]

In general for this to work the server has to have an EQUALITY matching rule
defined for the attribute type in question and implement this matching rule.
This should be the case for 'cn' alias 'commonName' but one never knows for sure.

In web2ldap I have implemented a variant of the function
ldap.modlist.modifyModlist() which looks at the schema to determine use of
EQUALITY matching rule and generate the diff accordingly.

Ciao, Michael.



More information about the python-ldap mailing list